Re: [GNAP] [Txauth] Revisiting the photo sharing example (a driving use case for the creation of OAuth)
Francis Pouatcha <fpo@adorsys.de> Wed, 12 August 2020 11:58 UTC
Return-Path: <fpo@adorsys.de>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D94303A0FA5 for <txauth@ietfa.amsl.com>; Wed, 12 Aug 2020 04:58:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adorsys.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1DnJgvR5RyDA for <txauth@ietfa.amsl.com>; Wed, 12 Aug 2020 04:58:01 -0700 (PDT)
Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96FBB3A0FA0 for <txauth@ietf.org>; Wed, 12 Aug 2020 04:58:00 -0700 (PDT)
Received: by mail-wm1-x330.google.com with SMTP id k20so1659693wmi.5 for <txauth@ietf.org>; Wed, 12 Aug 2020 04:58:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adorsys.de; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZO3K0BXPExI6gGrjo7HW7LkdRN44KWZHjxtzeKT0pf4=; b=RwiUGBVJwGQvkBnhbRq5d19Ssj+TQGg+9bZOozrt9l3I0YgVm/RjrzlQ8xc++Yyfg8 RiXFkfNFVu135a0MwCmXsMlnXRMUzllWs7KLuR1GsBiVJI2b+A6/DJFv/Je+tC8MtIwu ps/FoA/ZFDHTh+6QE7WooUyf4qyOVyoSJBe+Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZO3K0BXPExI6gGrjo7HW7LkdRN44KWZHjxtzeKT0pf4=; b=LKQhj6kbyC/0cXGNYsxP901anqUo5PtDDxeHHeUKZ9aZteO6IcknGomRQtnRQd5vtQ ZiZitWEE36+EvYYb/hA+KLBMDHb+0ZjpxaqYqON6WbYNBXmVyREpxn+7CpSur1vR+oQj mmjpMIH7h7UMwyhT+zl47+YPhdWPeHUNA+u3j3wG7uXbleLElbcMg1bZ75urRPbQ5Gim P+BrxaWtansv4gtW9NYerXcdb0tZNtLtfztM5tnxRi17cXdKevpBOVyNlZGtmJqxuuz7 QDlCCvwCX3PdF90tJKpupiupGMIZv97CTll3f8A8O112enryt6P8I03wl/v7+/4aQxEM jtZA==
X-Gm-Message-State: AOAM532cvy4JnTQvGO1pRJ7sDrYoBUJtslkywMcglDXj7bIAnvCBp0jF +o0QTVg7h9oWzMFar7V+fw3KC8dy2tQuiYyUsRhWBQ==
X-Google-Smtp-Source: ABdhPJyUZiH4bWzhuirbNVh9y63PrUEd48Qvl4yeWaeC/oGpIzeTdMB1xzwu9QumhoC/XFqqHlNvnBevSIlwKPrHAqo=
X-Received: by 2002:a7b:c3d4:: with SMTP id t20mr8131059wmj.8.1597233479046; Wed, 12 Aug 2020 04:57:59 -0700 (PDT)
MIME-Version: 1.0
References: <c5f40413-93b8-2e8c-0a3e-14a07cd27ad0@free.fr> <ECF217AE-1D67-4EAE-AE51-531F6EE6E222@mit.edu> <583aedda-ae41-1f3e-6623-671f2197614c@free.fr> <20200804185313.GT92412@kduck.mit.edu> <CAJot-L2hykst2vFxcwLn_auDMMaw7psVwsKFHKhQp9DA49ydWg@mail.gmail.com> <A4DC7B4E-FD34-454F-9396-B971CF5D57A4@mit.edu> <CAD9ie-tKEp+PV3F4p84Zbu7Kd1dQutawnzHybt8cmg-XniLYLQ@mail.gmail.com> <CAOW4vyN4ifCXmk1XAyGK4cEfY1jTp6+AWOL-uNjEpVcp0Ku0UQ@mail.gmail.com> <CAD9ie-ugjNevqKAPWFjKqGMMpCvX6yyC=M4bs9naenJf-k9uqg@mail.gmail.com> <CAOW4vyOrXstAvc3eKbsUh+gOPT-79nevR8nT5FyKTe+aAQ1pSw@mail.gmail.com> <CAD9ie-sZbxBKuLgC3Bu+yzJATOETdto=S83B6FOmC3gFJWz1jw@mail.gmail.com> <CAOW4vyOoBVihSc9FvDJyU49DfvYdeL1UfNVgPS6CfYOUKBSFzQ@mail.gmail.com> <CAD9ie-sBdOT6Ltvdrq5twjWTBdk9Cf7DR4QnRGGAB6CLDBbk0w@mail.gmail.com>
In-Reply-To: <CAD9ie-sBdOT6Ltvdrq5twjWTBdk9Cf7DR4QnRGGAB6CLDBbk0w@mail.gmail.com>
From: Francis Pouatcha <fpo@adorsys.de>
Date: Wed, 12 Aug 2020 07:57:48 -0400
Message-ID: <CAOW4vyPsw8-vXrkemVPJ-1n3z8puoLXF_3Xsc-9gKfhZn-w+OA@mail.gmail.com>
To: Dick Hardt <dick.hardt@gmail.com>
Cc: Justin Richer <jricher@mit.edu>, Denis <denis.ietf@free.fr>, Benjamin Kaduk <kaduk@mit.edu>, "txauth@ietf.org" <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000246ed705acace69a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/n2zElnD1CMWl14R8XSdavD5U5fQ>
Subject: Re: [GNAP] [Txauth] Revisiting the photo sharing example (a driving use case for the creation of OAuth)
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2020 11:58:03 -0000
On Tue, Aug 11, 2020 at 11:39 PM Dick Hardt <dick.hardt@gmail.com> wrote: > Thanks Francis > > (I'm assuming your second (2) should have been a (6) ) > Yes. Typo > > Am I correct that 1, 4, & 7 are human interactions, > Yes in the university use case. They might not be human interaction in other use cases. They are not part of the protocol, but help for use case mapping. > and 2, 3, 5, & 6 are part of the protocol? > Yes. > > ᐧ > > On Tue, Aug 11, 2020 at 7:14 PM Francis Pouatcha <fpo@adorsys.de> wrote: > >> Hello Dick, >> >> I will use the university registration use case as an example to >> illustrate steps (1) and (7). >> >> +-----------+ +--------------+ +-----------+ +----+ >> +---------------------+ >> | Requestor | | Orchestrator | | RS | | GS | | Resource >> Controller | >> | is UNIV-1 | | is UNIV-1 | | is UNIV-0 | | or | | is >> | >> | Staff | | Registr. App | | Server | | AS | | >> Student | >> +-----------+ +--------------+ +-----------+ +----+ >> +---------------------+ >> |(1) RegisterStudent(StudentId) | | | >> |---------------------->| | | | >> | |(2) RequestRecordIntent(RecordType,StudentId, >> | | OrchestratorId):AuthRequest[RecordType, >> StudentId] >> | |<-------------->| | | >> | | | | | >> | |(3) AuthZRequest(RecordType,StudentId >> ,OrchestratorId) >> | |--------------------------->| | >> | | | |(4) >> ConsentRequest(RecordType, >> | | | | >> OrchestratorId):Consent >> | | | |<-------------->| >> | |(5) AuthZ[RecordType,StudentId,OrchestratorId] >> | |<---------------------------| | >> | | | | | >> | |(2) RequestRecord(RecordType,StudentId >> ,OrchestratorId) >> | | :RecordOf[StudentId] | | >> | |<-------------->| | | >> |(7) Registered | | | | >> |<----------------------| | | | >> + + + + + >> >> Step (1) is the initial service request "RegisterStudent" sent by >> the university staff to the University registration application. >> >> Step (7) is the response to step (1), the notification of the university >> staff that the registration was successful. >> >> Best regards >> /Francis >> >> >> On Tue, Aug 11, 2020 at 7:38 PM Dick Hardt <dick.hardt@gmail.com> wrote: >> >>> Hi Francis, responses inline ... >>> >>> On Tue, Aug 11, 2020 at 3:37 PM Francis Pouatcha <fpo@adorsys.de> wrote: >>> >>>> Hello Dick, >>>> >>>> On Tue, Aug 11, 2020 at 6:22 PM Dick Hardt <dick.hardt@gmail.com> >>>> wrote: >>>> >>>>> Hi Francis >>>>> >>>>> The user is an entity, not a role in the protocol in how I am defining >>>>> roles, so steps (1) and (7) are confusing to me on what is happening. >>>>> >>>> "Requestor" is the role (*was* User). So the UML participant refers to >>>> the role "Requestor" >>>> >>> >>> I still don't understand what is happening in (1) and (7) >>> >>> >>>> >>>> >>>>> I also think that (2) could be an extension to GNAP, rather than part >>>>> of the core protocol. >>>>> >>>> If you make it an extension, you hide. It shall rather be an optional, >>>> integral part of the protocol. >>>> >>> >>> Most deployments today accomplish (2) by the developer reading RS >>> documentation. >>> >>> I'm in favor of showing that step in an abstract diagram. But it is not >>> clear to me what the requirements for (2), and they may vary radically >>> across use cases, so putting it in the core document seems to be getting >>> ahead of ourselves. >>> >>> >>>> In some open banking designs, >>>> - the "Orchestrator/Negotiator/Client" will not know the AS to talk to >>>> unless the call (2). >>>> >>> >>> Have you put these use cases in the wiki? >>> >>> >>>> - the request (2) might result in an exemption, meaning no need for >>>> further authorization, allowing to skip (3, 4, 5) and even (6). >>>> >>> >>> Agreed. >>> >>>> ᐧ >>> >> >> >> -- >> Francis Pouatcha >> Co-Founder and Technical Lead >> adorsys GmbH & Co. KG >> https://adorsys-platform.de/solutions/ >> > -- Francis Pouatcha Co-Founder and Technical Lead adorsys GmbH & Co. KG https://adorsys-platform.de/solutions/
- [Txauth] Revisiting the photo sharing example (a … Denis
- Re: [Txauth] Revisiting the photo sharing example… Dick Hardt
- Re: [Txauth] Revisiting the photo sharing example… Justin Richer
- Re: [Txauth] Revisiting the photo sharing example… Tom Jones
- Re: [Txauth] Revisiting the photo sharing example… Denis
- Re: [Txauth] Revisiting the photo sharing example… Denis
- Re: [Txauth] Revisiting the photo sharing example… Justin Richer
- Re: [Txauth] Revisiting the photo sharing example… Dick Hardt
- Re: [Txauth] Revisiting the photo sharing example… Dick Hardt
- Re: [Txauth] Revisiting the photo sharing example… Benjamin Kaduk
- Re: [Txauth] Revisiting the photo sharing example… Warren Parad
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] Revisiting the photo sharing example (… Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Revisiting the photo sharing example (… Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- [GNAP] Terminology Denis
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Dave Tonge
- Re: [GNAP] Terminology Tom Jones
- Re: [GNAP] Terminology Mike Jones
- Re: [GNAP] Terminology Denis
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Francis Pouatcha
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Dave Tonge
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] Terminology Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Tom Jones
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Tom Jones
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dave Tonge
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] Terminology Denis
- [GNAP] User consent Denis
- [GNAP] User consent Denis
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology - into Github Issues Francis Pouatcha
- Re: [GNAP] Terminology - into Github Issues Denis
- Re: [GNAP] User consent Francis Pouatcha
- Re: [GNAP] User consent Tom Jones
- Re: [GNAP] User consent Denis
- Re: [GNAP] User consent Denis
- Re: [GNAP] User consent Francis Pouatcha
- Re: [GNAP] Terminology Tom Jones
- Re: [GNAP] Terminology - into Github Issues Fabien Imbault
- Re: [GNAP] Terminology - into Github Issues Warren Parad
- Re: [GNAP] User consent Dick Hardt
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] User consent Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault